AS2, AS3, ebMS, OFTPv2, RNIF, and other protocols require use of a digital certificate for encryption and signing purposes. Other security features within the Cleo Harmony, Cleo VLTrader, and Cleo LexiCom applications (for example, XML Encryption within the Mailbox Packaging tab) also require a digital certificate. See Mailbox Packaging Tab . As a prerequisite to setting up a trading relationship, you must aquire a digital certificate your trading partner. See Certificate Manager for information on digital certificates.
If you have not already done so, generate a user certificate to use for signing messages sent to your trading partner and decrypting message received from your trading partner.
Your trading partner might not allow self-signed certificates, and instead require that your certificate be signed by a trusted Certificate Authority (CA). To acquire a CA-signed certificate, forward a Certificate Signing Request (CSR) to the CA. See Generating PEM-formatted certificate signing requests. Then, after receiving a signed certificate back from the CA, replace your self-signed certificate with the CA-signed certificate. See Replacing trusted CA certificates.
If you already have a certificate and private key currently stored outside of the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application to be used for signing/encryption, import the certificate and private key. See Importing certificates.
If you have multiple trading relationships, you might be able to use the same user certificate for all. The Local Listener wizard sets the default signing/encryption certificates in the Local Listener: Certificates tab. See Configuring certificates for Local Listener. If a different user certificate must be used for a specific trading relationship, you can override the Local Listener certificates at the mailbox level (for example, AS2 Mailbox: Certificates Tab).
You and your trading partner must agree on the method of certificate exchange. You can exchange certificates through a web site, a courier service, regular mail, as email attachments or through EDIINT Certificate Exchange Messaging (CEM) – see Exchanging Certificates with Your Trading Partner for further information. (The mailbox Notes tab might come preconfigured with specific information concerning certificate exchange with a particular trading partner.)
If emailing, use the Email Profile utility. This utility is also used to send your URL information. Even if the utility will not be used to forward your profile to your trading partner, the utility can be used to capture the information locally.
The Email Profile utility automatically exports the appropriate user certificate(s) for attachment. If you are not using the utility, you need to export your user certificate by hand. See Exporting certificates
Please sign in to leave a comment.